Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/01/2025, 16:42

General

  • Target

    FM4ffx.exe

  • Size

    314KB

  • MD5

    a6ea8baf987c05383013259a3a96b221

  • SHA1

    dc1f3df6abd8b9fa1a3d364e9021cd5f62590f9f

  • SHA256

    d978712e92d634c150493e35f7dab39483559350914c1a302c0b2c0aaf1c47a3

  • SHA512

    0e6200677efff5a9e2babd8ebac1aba3c32a1f4de0251ba2036b6bd0996170777de40ba5df6e933e0b89fbdf8cc4709d09cd077016c83018d9e338a37b63b277

  • SSDEEP

    6144:He34G2cYkBUQf/5yT2x/lN4VOejFepSBmiBmXOf4b2EDGwyo:WY6fRym/lNcjFeMmymXOAK2

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3028

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsjA230.tmp

          Filesize

          595B

          MD5

          abcfdc6cfdb17f543e0ac433394bada7

          SHA1

          ca561a3814bd5c380abea0f76a6450e958b74654

          SHA256

          d1d7b36fbd079a76db4bc42e0fa27bea77428a32802417691151dd1eb18a6b6b

          SHA512

          19f5e9a51a7fe12a190db6b1f99e508b8d03d88bf8dbaf11ba0db17c84dadada384315017fba41dde58cc7369fec61342e0849f47ce9f1fa5ea824100f019228

        • C:\Users\Admin\AppData\Local\Temp\nsjA281.tmp

          Filesize

          771B

          MD5

          1da0df55aa5147b962024730e8fda687

          SHA1

          7bfcd8c8e5fb1a23d49bf3e4575dc9b6b022c377

          SHA256

          09dd86231540764ed0c64214366f297a9b4b431d488a26f265e6e926d3cb1c30

          SHA512

          78106806fa6f7a07565a3b8d1e84eb076dbbe1cd1a61ef57123e3b95e0153e27584490a6b02122db5271e9e582b0b956ee243c1af889dfbd9379ba69c4155884

        • C:\Users\Admin\AppData\Local\Temp\nsjA2D2.tmp

          Filesize

          927B

          MD5

          99276dafb9454a3111f145251709144c

          SHA1

          932eb24e55565cb7699278cdc3c75976e835aaad

          SHA256

          f5affe255dffae659cbd6dde9b0ba3f7d9931ef72727f6ed9a9372e92e29ad34

          SHA512

          7a129343c75f9dd015d75444e32c104cb3e710986c4a1c490a9e43b768f74a7459d0cc25c2d6edfe085aac7d364c81aa3d53fccde47c29292234c308fb83e131

        • C:\Users\Admin\AppData\Local\Temp\nsjA374.tmp

          Filesize

          290B

          MD5

          50a304f854d280d8cbf9891a23897ed9

          SHA1

          371c3b8c67265abf507d28d76bc159af9a1a3edb

          SHA256

          d3cc1ded3dfc6fa1c8bac9bc175f695f12d48ee3a6bcd8defc643075712bde97

          SHA512

          63a6e9b44fa19c479719e7f1c13c85cdc91a7adf210924880232cd754140259d4b437c3684a18afee70099b0a4166d59abac3213e4cc0e9c9b55e983b134df54

        • C:\Users\Admin\AppData\Local\Temp\nsjA375.tmp

          Filesize

          345B

          MD5

          86d36fc714b08cd9c8867d386705dca8

          SHA1

          171026e987ee425fa37724041d0a8eed13cd836c

          SHA256

          a6d859c3854093cce6cedb105bee52784203f3dff42d081a6fc684fbfdf89ee9

          SHA512

          04cdcac851ac5ef5aa0c29fcf7c4ac51871d9e68b3a2129cfe108b7e6f3dd741916fab971ef7f70790cd877622d393232dd62798c981f63efadc8726c0d04733

        • C:\Users\Admin\AppData\Local\Temp\nsoA250.tmp

          Filesize

          659B

          MD5

          82c7e0e70d064491fad74a736f78dfa1

          SHA1

          792298c6355926cf86d7edf44f1fe97456402fbd

          SHA256

          2755137ca859bfab7389694be42dbf124eab3827c310271044aeebb4aca2d725

          SHA512

          0f1edcbc930c43adb0deceb0dd7f9b99652ea705f89cabfda1486015f777233d7e2392587cf2e503a3895fac626f52caa130eca1126b22b29a1f8658d475a5c2

        • C:\Users\Admin\AppData\Local\Temp\nsoA2A1.tmp

          Filesize

          822B

          MD5

          67bdb6e5fd9fe8f9ad74c9cd1f318674

          SHA1

          6a46b660258c366532289f29cbc72463308b6ddf

          SHA256

          bf915aef1e1d6747163b233dbac1b0fbe7704c05cc941dc5879c3d1ff2fc343d

          SHA512

          1671d0811ad1b43ef2ad7936547560794a3fd819ecae5c8dd5f0bdf7aadc0004d9be8aa7c2b447514e6d2ef0f32d799a775546063eb865bd744db29f245d1d53

        • C:\Users\Admin\AppData\Local\Temp\nsoA3EA.tmp

          Filesize

          776B

          MD5

          9d902f232320f460fd38ed523397e1ea

          SHA1

          34bf2740c3e61715fdaba503771aca292184fe3f

          SHA256

          117e36f2e4a2bce84c20603cc9e60680d8952f9d7a9619c4a318fd17b772f847

          SHA512

          afdabce0debf13217e63193390e1fd3ecfa03679343d5f84daabc337a4bdeb490739871cdd0b1c6f10aaf0a619a84eaa963549ad374162dd32599ab13d98afb0

        • C:\Users\Admin\AppData\Local\Temp\nstA312.tmp

          Filesize

          1KB

          MD5

          a1ce1651f54d92d7f048bb75579f8210

          SHA1

          dd96fc611b4ff6e40fcc6c2a90ac10c39cc91096

          SHA256

          b0e4d99d2447f5949449eae33044647aebffc4f33135bd6bf1c17dab8f47568c

          SHA512

          77fa6330048030b13170dc980f61f88a6fc6d0a71d0edcdf1ddf6058f8b1d6117bdc78b71aa17d01398071aee300e84ceb842271d5a52e73656a7a8ca569a77e

        • C:\Users\Admin\AppData\Local\Temp\nstA361.tmp

          Filesize

          105B

          MD5

          d66b7c36887a3a1f869cd8b637cc43b6

          SHA1

          2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

          SHA256

          d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

          SHA512

          155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

        • C:\Users\Admin\AppData\Local\Temp\nstA362.tmp

          Filesize

          181B

          MD5

          c42ac66e65b412612edb71a328403241

          SHA1

          4461abd35d83f1c35460c8594055635ae41ff585

          SHA256

          949f7631b32975077cbdec0aa2f5e89515236493811761f4ae9104d5368cc859

          SHA512

          dd8cd0b46fbf90d1954174eab59fb63734dc1e840aa3786ae1579ee8ef90b5c8a5dfbe0c7cd0b5518a3dbed22eb00f77bd8d8e1cff6c0ba43af257486b06dda8

        • C:\Users\Admin\AppData\Local\Temp\nstA363.tmp

          Filesize

          236B

          MD5

          312669ce514b8bc32bb714105ed7aef7

          SHA1

          33c38cf50d1537fac6ba4fc52d5630fef5b48b33

          SHA256

          bd15ca594d081e2792a821ca2fce6aa065664e4a885d545c7087b17984da88af

          SHA512

          d08d27e15a3bd6bfe3ee3236a478a15776786fe042f6eb01958a011eb15cf8c9b6c32306eee9635e608235ca0e16f471792518d06e79abeb1f8f4ea2f2876e3e

        • C:\Users\Admin\AppData\Local\Temp\nsyA1EE.tmp

          Filesize

          431B

          MD5

          c4b8833c291dcbfaf8fcf9208c7e231f

          SHA1

          d4810343d6fa4698302557fbedbd23c5d5b45730

          SHA256

          e6a5617414e2ba41120a626843d5918c5613cd87c54b8eac6d0faf147ef0c1c7

          SHA512

          319c3f225a75754f1a5cdcc90abc563e4b0d4f12a337c23107ff8d6c54be62c07b3a664fd687f5fa1fb3f69b3984c2f3a47684d0c842d2c699d8f95c37e2063a

        • C:\Users\Admin\AppData\Local\Temp\nsyA385.tmp

          Filesize

          409B

          MD5

          44a1caae3ae6b7927ed06b79b433bca1

          SHA1

          e1b217373ca90f05aa96ef304d614503512e4314

          SHA256

          2853f85c31b515f1e3a3e1a5c3dfd2f38a10f9f6f85f9ec7af53b97507b0eeb2

          SHA512

          2b95ef6879811107a5620eb478d678d51341dd701cd316317a34953c256ab06b148dc5fa23edd16d11dadd60280fd75b0960fd5d16021c9f0bc5f154a572d66a

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.Admin\user.js

          Filesize

          540B

          MD5

          c6eda8e55f8669828ce84830dceac5af

          SHA1

          da90cc768a6d7bd7bd2507a2f572aee2a48b3a65

          SHA256

          e4ebc6e7a465221d9fa549c61020409c43b7bcd4c5315f59155654d906a92c83

          SHA512

          1f21107d269fe4e3d35ba431a7b8414b2b8f57edda4987d3969d561e2c96951ed727ddc4aa3c9df2285edd25f0b593171fd02bbc5178cedb0c99bfc5b2d2f3b9

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.Admin\user.js

          Filesize

          716B

          MD5

          4a2d448c0be622b9ff918c5352d52948

          SHA1

          102a8c68eeab088fbcf50430e9ef401f655ecdd9

          SHA256

          a0c357cf390c150fae4aa8fade08b88221f1fad9c46a4e03ec5e840febf11921

          SHA512

          d9a4198de4e8ea8914c8d544de708628bec6cfdae7e91e7a82bf436136c9bb65aa0d152d85a4cf5f284fc49445c6000d83eb5283d617b6fdaa23beb9a11983aa

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.Admin\user.js

          Filesize

          977B

          MD5

          e65ac0d92a12719ebd70eb64dc3c9db9

          SHA1

          e27bb357c3c451964702fbfa447e3f5e97a5d8ea

          SHA256

          2e84bc04e4803dfdfe64345de6d536b75dda1680bec617f0eaaee1547c41cc82

          SHA512

          0cbc5e2bfb6436aa07dd9fc036dda5a127d002ea9063c4ff2088278be2398e558b69240696d3908181f501eb4d4edde2832b0382304ca471fdb189dac003f93c

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\user.js

          Filesize

          521B

          MD5

          e14d5067a2f09b8a6356b09356d41a94

          SHA1

          013b1260dc29f5b6e022ba2dac6dd011b5be390a

          SHA256

          1d1aa82d8cc2cea6e90b19977f96463718e02cdee3c17294ad809890aba0d5ac

          SHA512

          6079f1dbd241b88d14bbeb0bbf4dd79016e4133f0178a5ee992eaebe2b04b17027b923797594146193076789d38adeeb58b9e82f1c2c64997c2138554c2420c3

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\user.js

          Filesize

          727B

          MD5

          0433d4170f1e241cb8bbd4388fb9ae3d

          SHA1

          a2dc940d7c63cf66737931f8d96e73e992d1de78

          SHA256

          cd19e7f5492b496e5dd100e0b5962db42d5de505b25f5e3af3082c7a291c0608

          SHA512

          34c8cffb4130338fd2d173b59c142b986b5b7617fbca8a2640939e0c4bc9619930d744e8d65fcd8ddbd1daa9c0ff1151cfe3d238385305aabb440ce1d018288d

        • \Users\Admin\AppData\Local\Temp\nsyA14F.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • \Users\Admin\AppData\Local\Temp\nsyA14F.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • \Users\Admin\AppData\Local\Temp\nsyA14F.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • \Users\Admin\AppData\Local\Temp\nsyA14F.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb